Skip to main content

Kubernetes

603 CVEs product

Monthly

CVE-2022-2238 MEDIUM This Month

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Red Hat SQLi Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1902 HIGH POC This Week

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Red Hat Privilege Escalation Advanced Cluster Security
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36055 Go MEDIUM PATCH This Month

Helm is a tool for managing Charts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-36035 Go HIGH PATCH This Week

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Path Traversal Flux2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31677 Go MEDIUM PATCH This Month

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Pinniped
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35976 CRITICAL Act Now

The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Kubernetes Command Injection Gitops Tools
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-35930 Go HIGH PATCH This Week

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Jwt Attack Policy Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-31105 Go CRITICAL PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
CVE-2022-31102 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes XSS Argo Cd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22472 HIGH This Week

IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes IBM Red Hat Spectrum Protect Plus Container Backup And Restore
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-31098 Go HIGH PATCH This Week

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Weave Gitops
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-31077 Go MEDIUM PATCH This Month

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Kubernetes Null Pointer Dereference Kubeedge
NVD GitHub
CVSS 3.1
5.7
EPSS
0.8%
CVE-2022-31076 Go MEDIUM POC PATCH This Month

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Kubernetes Null Pointer Dereference Kubeedge
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-31036 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-31035 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Kubernetes XSS Argo Cd
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-31034 Go HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-31016 Go MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31054 Go HIGH PATCH This Week

Argo Events is an event-driven workflow automation framework for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kubernetes Argo Events
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-31055 HIGH PATCH This Week

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kubernetes Kctf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31030 Go MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Containerd Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-29179 Go HIGH PATCH This Week

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Cilium
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-29165 Go CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
10.0
EPSS
1.9%
CVE-2022-24905 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2022-24904 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-22975 MEDIUM This Month

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Code Injection Pinniped
NVD GitHub
CVSS 3.1
6.6
EPSS
0.9%
CVE-2022-24878 Go MEDIUM PATCH This Month

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Path Traversal Flux2 Kustomize Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-24877 Go HIGH PATCH This Week

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Information Disclosure Path Traversal Flux2 +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-29171 HIGH This Week

Sourcegraph is a fast and featureful code search and navigation engine. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Grafana Sourcegraph
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-29164 Go HIGH PATCH This Week

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes Argo Workflows
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2022-24817 Go CRITICAL PATCH Act Now

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Privilege Escalation Kubernetes RCE Code Injection Flux2 +2
NVD GitHub
CVSS 3.1
9.9
EPSS
1.0%
CVE-2022-0567 CRITICAL Act Now

A flaw was found in ovn-kubernetes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Ovn Kubernetes
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-24829 CRITICAL PATCH Act Now

Garden is an automation platform for Kubernetes development and testing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Kubernetes Garden
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-0759 Ruby HIGH PATCH This Week

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Information Disclosure Kubeclient
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-24768 Go HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Privilege Escalation Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-24731 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-24730 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-0811 Go HIGH PATCH This Week

A flaw was found in CRI-O in the way it set kernel options for a pod. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Code Injection Cri O
NVD GitHub
CVSS 3.1
8.8
EPSS
18.6%
CVE-2022-27211 Maven MEDIUM This Month

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Jenkins Kubernetes Continuous Deploy
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27210 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes CSRF Jenkins Kubernetes Continuous Deploy
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-27209 Maven MEDIUM This Month

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Jenkins Kubernetes Continuous Deploy
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27208 Maven MEDIUM This Month

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Path Traversal Kubernetes Continuous Deploy
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-26311 HIGH This Week

Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Cloud Native Operator
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-23648 Go HIGH POC PATCH THREAT This Week

containerd is a container runtime available as a daemon for Linux and Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Microsoft Information Disclosure Containerd Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
27.4%
CVE-2022-23652 Go HIGH POC PATCH This Week

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Authentication Bypass Kubernetes Capsule Proxy
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-8562 Go LOW Monitor

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kubernetes
NVD GitHub VulDB
CVSS 3.1
2.2
EPSS
0.1%
CVE-2021-43858 HIGH PATCH This Week

MinIO is a Kubernetes native application for cloud storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Kubernetes Privilege Escalation Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
35.5%
CVE-2021-43979 MEDIUM PATCH This Month

Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Authentication Bypass Gatekeeper
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-41266 Go CRITICAL POC PATCH THREAT Act Now

Minio console is a graphical user interface for the for MinIO operator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Minio Console
NVD GitHub
CVSS 3.1
9.8
EPSS
46.7%
CVE-2021-41254 Go HIGH POC PATCH This Week

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Command Injection Kustomize Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-41137 HIGH PATCH This Week

Minio is a Kubernetes native application for cloud storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Authentication Bypass Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-25738 Maven MEDIUM PATCH This Month

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes RCE Java
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-25741 Go HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
6.5%
CVE-2021-25740 Go LOW Monitor

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.5%
CVE-2020-8561 Go MEDIUM This Month

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub VulDB
CVSS 3.1
4.1
EPSS
0.2%
CVE-2021-25737 Go MEDIUM PATCH This Month

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
4.8
EPSS
1.3%
CVE-2021-25735 Go MEDIUM PATCH This Month

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
6.5
EPSS
5.5%
CVE-2021-39159 PyPI CRITICAL PATCH Act Now

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Kubernetes RCE Code Injection Binderhub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-32783 Go HIGH PATCH This Week

Contour is a Kubernetes ingress controller using Envoy proxy. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Denial Of Service Contour
NVD GitHub
CVSS 3.1
8.5
EPSS
1.2%
CVE-2021-32690 Go HIGH PATCH This Week

Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
8.6
EPSS
1.4%
CVE-2021-21661 Maven MEDIUM PATCH This Month

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-31938 HIGH PATCH This Week

Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Kubernetes Microsoft Information Disclosure Kubernetes Tools
NVD
CVSS 3.1
7.3
EPSS
2.0%
CVE-2021-3499 Go MEDIUM This Month

A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Authentication Bypass Ovn Kubernetes
NVD
CVSS 3.1
5.6
EPSS
0.8%
CVE-2021-28448 HIGH PATCH This Week

Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Kubernetes RCE Visual Studio Code Kubernetes Tools
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-20218 Maven HIGH PATCH This Week

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Kubernetes Path Traversal Kubernetes Client A Mq Online Build Of Quarkus +6
NVD GitHub
CVSS 3.1
7.4
EPSS
1.3%
CVE-2021-21334 Go MEDIUM PATCH This Month

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Kubernetes Information Disclosure Containerd Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
2.0%
CVE-2021-24109 MEDIUM PATCH This Month

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Microsoft Information Disclosure Azure Kubernetes Service
NVD
CVSS 3.1
6.8
EPSS
2.0%
CVE-2021-21303 Go MEDIUM PATCH This Month

Helm is open-source software which is essentially "The Kubernetes Package Manager". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-8554 Go MEDIUM POC PATCH THREAT This Month

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

Information Disclosure Kubernetes Communications Cloud Native Core Network Slice Selection Function Communications Cloud Native Core Policy Communications Cloud Native Core Service Communication Proxy
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
25.3%
CVE-2021-21243 CRITICAL PATCH Act Now

OneDev is an all-in-one devops platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Kubernetes Onedev
NVD GitHub
CVSS 3.1
9.8
EPSS
54.5%
CVE-2020-8566 Go MEDIUM PATCH This Month

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8565 Go MEDIUM PATCH This Month

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8564 Go MEDIUM PATCH This Month

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Docker Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8563 Go MEDIUM PATCH This Month

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15257 Go MEDIUM PATCH This Month

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Kubernetes Microsoft Docker Information Disclosure Containerd +2
NVD GitHub
CVSS 3.1
5.2
EPSS
3.2%
CVE-2020-28914 HIGH This Week

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Kata Containers
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-13358 MEDIUM This Month

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Gitlab Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-2309 Maven MEDIUM PATCH This Month

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-2308 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-2307 Maven MEDIUM PATCH This Month

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-13327 HIGH This Week

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Gitlab Information Disclosure Runner
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15157 Go MEDIUM PATCH This Month

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Docker Information Disclosure Containerd Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-15127 HIGH PATCH This Week

In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Kubernetes Authentication Bypass Contour
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-8553 Go MEDIUM PATCH This Month

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-8558 Go HIGH POC PATCH This Week

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-8557 Go MEDIUM PATCH This Month

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8559 Go MEDIUM POC PATCH This Month

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Open Redirect
NVD GitHub
CVSS 3.1
6.8
EPSS
6.1%
CVE-2020-2211 Maven HIGH This Week

Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Deserialization Jenkins Kubernetes Ci
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-5911 HIGH This Week

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu Nginx Debian Kubernetes Information Disclosure +1
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-4062 CRITICAL PATCH Act Now

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Kubernetes Docker PostgreSQL Authentication Bypass Conjur Oss Helm Chart
NVD GitHub
CVSS 3.1
9.0
EPSS
1.4%
CVE-2020-13264 MEDIUM This Month

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Red Hat SQLi +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Red Hat Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Helm is a tool for managing Charts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Path Traversal Flux2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Pinniped
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Kubernetes Command Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes XSS Argo Cd
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes IBM +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Weave Gitops
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Kubernetes Null Pointer Dereference +1
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM POC PATCH This Month

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Kubernetes Null Pointer Dereference +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Kubernetes XSS Argo Cd
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kubernetes Argo Cd
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Argo Events is an event-driven workflow automation framework for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kubernetes Argo Events
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kubernetes Kctf
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Containerd +2
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Cilium
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM This Month

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Code Injection Pinniped
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Path Traversal +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Information Disclosure +3
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Sourcegraph is a fast and featureful code search and navigation engine. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Grafana +1
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes Argo Workflows
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Privilege Escalation Kubernetes RCE +4
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

A flaw was found in ovn-kubernetes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Ovn Kubernetes
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Garden is an automation platform for Kubernetes development and testing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Kubernetes Garden
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Information Disclosure Kubeclient
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Privilege Escalation Kubernetes Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
EPSS 19% CVSS 8.8
HIGH PATCH This Week

A flaw was found in CRI-O in the way it set kernel options for a pod. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes CSRF Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Jenkins +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Path Traversal +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Cloud Native Operator
NVD
EPSS 27% CVSS 7.5
HIGH POC PATCH THREAT This Week

containerd is a container runtime available as a daemon for Linux and Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Microsoft Information Disclosure +3
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Authentication Bypass Kubernetes +1
NVD GitHub
EPSS 0% CVSS 2.2
LOW Monitor

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kubernetes
NVD GitHub VulDB
EPSS 35% CVSS 8.8
HIGH PATCH This Week

MinIO is a Kubernetes native application for cloud storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Kubernetes Privilege Escalation Minio
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Authentication Bypass Gatekeeper
NVD GitHub
EPSS 47% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Minio console is a graphical user interface for the for MinIO operator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Minio Console
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Command Injection Kustomize Controller
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Minio is a Kubernetes native application for cloud storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Authentication Bypass Minio
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes RCE Java
NVD GitHub
EPSS 7% CVSS 8.1
HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure
NVD GitHub
EPSS 1% CVSS 3.1
LOW Monitor

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub VulDB
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
EPSS 6% CVSS 6.5
MEDIUM PATCH This Month

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kubernetes
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Kubernetes RCE +2
NVD GitHub
EPSS 1% CVSS 8.5
HIGH PATCH This Week

Contour is a Kubernetes ingress controller using Envoy proxy. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Denial Of Service Contour
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Helm
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
EPSS 2% CVSS 7.3
HIGH PATCH This Week

Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Kubernetes Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 5.6
MEDIUM This Month

A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Authentication Bypass Ovn Kubernetes
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Kubernetes RCE Visual Studio Code Kubernetes Tools
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Kubernetes Path Traversal Kubernetes Client +8
NVD GitHub
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Kubernetes Information Disclosure Containerd +1
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Helm is open-source software which is essentially "The Kubernetes Package Manager". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Helm
NVD GitHub
EPSS 25% CVSS 6.3
MEDIUM POC PATCH THREAT This Month

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

Information Disclosure Kubernetes Communications Cloud Native Core Network Slice Selection Function +2
NVD GitHub VulDB
EPSS 54% CVSS 9.8
CRITICAL PATCH Act Now

OneDev is an all-in-one devops platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Kubernetes Onedev
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Docker Information Disclosure
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
EPSS 3% CVSS 5.2
MEDIUM PATCH This Month

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Kubernetes Microsoft Docker +4
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Kata Containers
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Gitlab Information Disclosure +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Docker Information Disclosure +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Kubernetes Authentication Bypass Contour
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Nginx +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service
NVD GitHub
EPSS 6% CVSS 6.8
MEDIUM POC PATCH This Month

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Open Redirect
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Deserialization +2
NVD
EPSS 1% CVSS 7.3
HIGH This Week

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu Nginx Debian +3
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Kubernetes Docker PostgreSQL +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Gitlab Information Disclosure
NVD
Prev Page 6 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy